Continuous monitoring
Continuous monitoring is the process and technology used to detect compliance and risk issues associated with an organization's financial and operational environment.
The financial and operational environment consists of people, processes, and systems working together to support efficient and effective operations. Controls are put in place to address risks within these components. Through continuous monitoring of the operations and controls, weak or poorly designed or implemented controls can be corrected or replaced – thus enhancing the organization’s operational risk profile.
Investors, governments, the public and other stakeholders continue to increase their demands for more effective corporate governance and business transparency.
Effective corporate governance requires more than attending board and committee meetings where directors and senior managers discuss governance issues from the 50,000-foot level. It takes directors and senior management overseeing the organization with a broader and deeper perspective than in the past. Organizations now must demonstrate they are not only profitable but also ethical, in compliance with a myriad of regulations, and are addressing sustainability.
To be effective, those involved in the organizational governance process must take an enterprise-wide view of where the organization has been, where it is and where it could and should be going. This enterprise-wide view also must include consideration of the global, national and local economies, the strengths and weaknesses of the organization’s culture, and how the organization approaches managing risk.
Managing risk involves actions beyond establishing and communicating policies and procedures at a high level. It includes understanding the need for (and exercising) both qualitative and quantitative judgment at the governance and operational level on a routine basis (including having an effective system of internal control). The Sarbanes-Oxley Act of 2002 (http://www.soxlaw.com/) created new and higher-level requirements for organizations to establish effective internal controls and to assure compliance on an ongoing basis.
As organizations have set about instituting compliance programs, they have learned they must come up with new methods for maintaining that compliance. Continuous monitoring is part of the solution. It can be a key component of carrying out the quantitative judgment part of an organization’s overall enterprise risk management.
Continuous monitoring is the process and technology used to detect compliance and risk issues associated with an organization's financial and operational activities. It actively identifies, quantifies and reports control failures such as duplicate vendor or customer records, duplicate payments, and transactions that fall outside of approved parameters. A by-product of continuous monitoring is that it highlights opportunities to improve operational processes.
Continuous monitoring can be traced back to its roots in traditional auditing processes. It goes further than a traditional periodic snapshot audit by putting in place continuous monitoring of transactions and controls so that weak or poorly designed or implemented controls can be corrected or replaced sooner rather than later.
Timely identification of problems or weaknesses and quick corrective action can help reduce the cost of any required periodic financial, regulatory, and operational reviews to a reasonable level. A Financial Executives International (FEI) March 2005 survey indicated it could cost an average of $4.36 million for a company to test for and ensure year-one compliance with Sarbanes-Oxley Act Section 404 (http://www.soxlaw.com/s404.htm).
Continuous monitoring typically includes solutions that address the three operational disciplines known as:
• Continuous Audit
• Continuous Controls Monitoring
• Continuous Transaction Inspection
Continuous monitoring systems can examine 100% of transactions and data processed in different applications and databases. The continuous monitoring systems can test for inconsistencies, duplication, errors, policy violations, missing approvals, incomplete data, dollar or volume limit errors, or other possible breakdowns in internal controls. Testing can be done for processes like payroll, sales order processing, purchasing and payables processing (including travel and entertainment expenses and purchasing cards), and inventory transactions.
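The following is an added illustration, not taken from any of the products named in this article, of how such tests can run over every payables record rather than a sample: it checks for duplicate payments, missing approvals, and dollar-limit violations. The record layout, approver names, limits, and the 30-day duplicate window are all assumptions made for the example.

```python
from collections import defaultdict
from datetime import date

# Constructed sample payables records (illustrative only, not real data).
PAYMENTS = [
    {"id": "P1", "vendor": "ACME-001", "invoice": "INV-1001",
     "amount": 1250.00, "paid": date(2024, 3, 1), "approver": "jlee"},
    {"id": "P2", "vendor": "ACME-001", "invoice": "inv 1001",
     "amount": 1250.00, "paid": date(2024, 3, 4), "approver": "jlee"},
    {"id": "P3", "vendor": "BOLT-007", "invoice": "INV-2002",
     "amount": 18000.00, "paid": date(2024, 3, 5), "approver": "mkhan"},
    {"id": "P4", "vendor": "CRAN-042", "invoice": "INV-3003",
     "amount": 400.00, "paid": date(2024, 3, 6), "approver": ""},
    {"id": "P5", "vendor": "BOLT-007", "invoice": "INV-2003",
     "amount": 900.00, "paid": date(2024, 3, 7), "approver": "jlee"},
]
# Assumed per-approver dollar limits (the "approved parameters").
APPROVAL_LIMITS = {"jlee": 5000.00, "mkhan": 10000.00}

def normalize_invoice(number):
    """Drop case and punctuation so 'INV-1001' and 'inv 1001' compare equal."""
    return "".join(ch for ch in number.upper() if ch.isalnum())

def run_controls(payments, limits, window_days=30):
    """Test every record; return (payment_id, control, detail) findings."""
    findings = []
    seen = defaultdict(list)  # (vendor, invoice, amount) -> earlier payments
    for p in sorted(payments, key=lambda r: r["paid"]):
        approver = p["approver"]
        if not approver:
            findings.append((p["id"], "missing_approval", "no approver recorded"))
        elif approver not in limits:
            findings.append((p["id"], "unknown_approver", approver))
        elif p["amount"] > limits[approver]:
            findings.append((p["id"], "limit_exceeded",
                             f"{p['amount']:.2f} > {limits[approver]:.2f}"))
        key = (p["vendor"], normalize_invoice(p["invoice"]), round(p["amount"], 2))
        for earlier in seen[key]:
            if (p["paid"] - earlier["paid"]).days <= window_days:
                findings.append((p["id"], "duplicate_payment",
                                 f"matches {earlier['id']}"))
                break
        seen[key].append(p)
    return findings

if __name__ == "__main__":
    for finding in run_controls(PAYMENTS, APPROVAL_LIMITS):
        print(finding)
```

Normalizing the invoice number before comparison matters because duplicate payments commonly differ only in formatting of the invoice reference, which an exact-match test would miss.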
With business transactions being executed 24 hours a day, 7 days a week over the web, or at multiple locations on multiple systems around the world, it is daunting to consider how any CFO (chief financial officer) or CEO (chief executive officer) can effectively attest to the effectiveness of their internal controls. Continuous monitoring offers an additional control method that may help these CEOs and CFOs rest a little better at night.
Companies providing continuous controls monitoring include CaseWare International, ACL Services Ltd., Approva, BWise, Oversight Systems, WebMethods from Software AG, Fulcrumway, and EventTracker from Prism Microsystems (http://www.prismmicrosys.com/EventTrackerSIEM/index.php).